You’re one employee mistake away from a major data breach. That’s the frustrating reality that managers face in our cybersecurity environment. There are several ways to address the issue. You can enforce more complex passwords. You can implement multi-factor authentication. In our view, the missing ingredient is employee training.
Find out why password management employee training matters and how to deliver a training program quickly. In a week, you can effectively reduce your cybersecurity exposure dramatically.
Why Do You Need Password Management Training?
Before you commit a few days to building and delivering training, you probably want to know why you should bother in the first place. It’s a good question. After all, there are other ways to improve your cybersecurity program. The answer is simple. Employee-related activities are one of the most significant causes of cybersecurity failure today. Take a closer look at some of these recent studies and events.
- Misplaced Trust. A recent industry report found that “17% of employees would trust a friend with their work passwords.” That’s an alarming statistic that suggests a significant number of employees take a casual attitude to security. Password sharing increases the likelihood of password misuse!
- Sony Mishandled Passwords. Large companies still have room to improve when it comes to password management. In 2014, The Telegraph reported that Sony stored thousands of passwords in a folder named “Passwords.” Someone then leaked this information. This basic failure to obscure sensitive credentials is a major failure. Other companies also suffered from this incident. “Most of the files are labelled in plain text and without password protection. One file uncovered by BuzzFeed included hundreds of clearly-labelled Facebook, MySpace, YouTube and Twitter usernames and passwords for major motion picture social accounts.” If companies managed passwords better, data breaches like this might not happen.
In addition to these incidents, employee misconduct is another consideration. If employee passwords are easy to guess, the probability that a disgruntled employee can do damage is higher. Fortunately, these incidents are preventable. The next step is to determine your training goal.
Choose Your Training Goal: Reducing Risk Through Password Management
Before you do anything else, set your goals for the password management training program. We suggest examining what other security training your company is currently providing to employees. If an existing training module covers passwords extensively, you can scale down your training on the topic. If there is no coverage of password management, you will need to cover it more thoroughly.
In our experience, password management training involves the following goals.
- Equip. Unless they are security professionals, your employees do not think much about password management techniques and methods. Therefore, they need practical tips and tactics to improve their approach.
- Raise Awareness. Many professionals know about cybersecurity incidents, but they might not connect the dots to passwords. Help them understand that the passwords they use at work are a key component to protecting employee data, customer data, and other sensitive information.
- Set Expectations. As a manager, you have to monitor your employees and make sure they follow company policies. To avoid endless “but you never told me how important passwords are!” debates, use the training session to clarify what you expect.
Organize Your Training Delivery for the Best Results
There are two methods to deliver password management to employees: online and offline. We recommend using both methods for the best results. The online component will include checklists, tip sheets, videos, and other materials that explain password management. Afterward, schedule a meeting to discuss the password management program.
Make sure that you include evaluation and record keeping in your password management training. Specifically, you’ll want a record that shows that each employee in your department has completed the training. This can be as simple as asking your direct reports to send you an email confirming they have completed the online training. Once you have all the responses, save them in your files in case an auditor asks about your security training practices.
Recommended Key Points in Your Password Management Training
For your password management training to stick, there are some essentials that you will need to cover. Use the following topics to create your outline.
- Why Password Management Matters. Adult learning is more effective when you start with a clear rationale. You will need to cover the benefits of preventing fraud, maintaining the company’s reputation, and protecting customers.
- Password Creation Tips. Review some of the best practices experts recommend for passwords by creating a password checklist. Use Harvard University’s guidelines for complex passwords to inform your approach.
- Most Common Password Mistakes. Educate your employees on the most common password mistakes they need to avoid. For example, you might want to tell them to avoid reusing personal passwords on company systems.
- Demonstrate Company Password Tools. If your company has a tool like Password Management, take a few minutes to demonstrate it. Password Management makes it easy for employees to manage their own passwords instead of constantly calling the help desk for assistance.
- Review Other Cybersecurity Resources at Your Organization. If you are delivering a focused session in an hour or less, you cannot possibly cover every aspect of your company’s security program. That’s why we suggest including a list of the departments, applications, and other resources that employees need to know about during your training.
- Encourage Questions and Discussion. In planning your schedule, make time to include time for questions and discussion.
There is only one more point we need to cover today. If you miss this step, your employees might forget to apply everything you covered in your training session.
The Next Step To Improve Employee Password Management
Well-trained employees are much more likely to keep your organization safe. But they might fail to follow through and use your password training. Why? If you force employees to call the help desk for password resets, they are less likely to choose strong passwords. Fortunately, there is a way to remove this security roadblock. Add Password Management to your company’s security program, and passwords will be easy to manage.